NodeJS Secure Coding 3-Days

Secure programming is the best defense against hackers. This multi-layered hands-on course will demonstrate live real time hacking methods, analyze the code deficiency that enabled the attack and most importantly, teach how to prevent such vulnerabilities by adopting secure coding best practices in order to bullet-proof your NodeJS application.
The methodology of the cycle of knowledge is as follows: understand, identify, prevent. This methodology presents the student with analytical tools to keep a deeper understanding of coding vulnerabilities and implement security countermeasures in different areas of the software development lifecycle. The hands-on labs will enable the student to get a firsthand experience of the hackers world and what could be done to stop him. Using sound programming techniques and best practices shown in this course, you will be able to produce high-quality code that stands up to attack.
The course covers major security principles in the NodeJS applications, programming vulnerabilities, and specific security issues in NodeJS web applications.

Description

Secure programming is the best defense against hackers. This multi-layered hands-on course will demonstrate live real time hacking methods , analyze the code deficiency that enabled the attack and most importantly, teach how to prevent such vulnerabilities by adopting secure coding best practices in order to bullet-proof your Node JS application.
The methodology of the Cycle of knowledge is as follows: Understand, Identify, Prevent. This methodology presents the student with analytical tools to keep a deeper understanding of coding vulnerabilities and implement security countermeasures in different areas of the software development lifecycle. The hands on labs will enable the student to get a firsthand experience of the Hackers world and what could be done to stop him. Using sound programming techniques and best practices shown in this course, you will be able to produce high-quality code that stands up to attack.
The course covers major security principles in the Node JS applications, programming vulnerabilities, and specific security issues in Node JS web applications.

Topics

Topics

Day 1

Authentication

What is authentication

Store passwords securely

Hashing

Brute force

Dictionary attack

Anti-automation

CAPTCHA

Account lockout

User enumeration

Revealing too much information

Authorization

Client side authorization

Forceful browsing

UI based security

Implement authorization using middleware

Parameter tampering

Insecure direct object reference

File authorization

URL authorization

Injections and Input Validation

OS command injection

SQL Injection

Prepared statement

Mongo DB (NoSQL) Injection

Xpath injection

LDAP injection

Data type conversion

Black list

White list

Regular expression

Day 2

Output Encoding

Reflected/Stored Cross Site Scripting

XSS threats

Encoding types

XSS prevention cheat sheet

Node JS Encoding libraries

Swig template engine

Browser Manipulation

Cross Site Request Forgery (CSRF)

Anti CSRF token

Open redirect

Clickjacking

Auto complete

Browser’s cache

Session management

Cookie’s properties

Session fixation

Helmet middleware

File Handling

Directory traversal

Canonicalization

File extension handling

Filenames threats

Sanity filename with fs.realpathSync

Directory listing

Day 3

Data Confidentiality & Integrity

Homemade algorithm

Insecure communication

Secure traffic enforcement

Insecure storage

Symmetric encryption

A-Symmetric encryption

Java Cryptography Architecture (JCA)

Hash functions

Digital signatures

Error Handling

Information disclosure

Exceptions and stack trace

Default error pages

Customize error pages using express

Security Logging

Logging technologies

Events you should log

Events you should not log

Business Logic

Logical attacks

Flow bypassing

Replay attacks

Abuse of functionality

Target Audience

Target Audience

Node JS developers

Designers & architects

Prerequisites

Prerequisites

Basic knowledge of Node JS

Interested in this course? Have any questions?
Let us know and we’ll get back to you…